LinkedIn breach puts site's reputation on the line

LinkedIn is seeking to determine the full extent of the security breach which led to over 6 million customer passwords appearing on underground sites used by criminal hackers. While LinkedIn has invalidated the stolen passwords, it does not yet know whether any other account information was stolen or how serious the breach was. Some experts criticize the company for lacking sophisticated data security practices: LinkedIn has neither a CIO nor a CISO, and it did not follow the industry standard for encryption, which requires a technique referred to as "salting" that increases the time and computing power needed to crack an encrypted password.
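
The salting the article refers to, as an added illustration that is not code from the article or from LinkedIn: the unsalted single-pass scheme beside a salted, deliberately slow scheme, plus a small audit function that counts digests shared by more than one account in a leaked store. The sample accounts, the 16-byte salt length and the round count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts that chose the same password.
SAMPLE_USERS = {"alice": "Summer2012", "bob": "Summer2012"}
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune to your hardware


def store_unsalted(password: str) -> str:
    """The weak scheme: one fast SHA-1 digest, no salt.
    Equal passwords give equal digests, so one precomputed table (or one
    cracked hash) unmasks every account sharing that password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_salted(password: str, salt: bytes = b"") -> tuple:
    """The hardened scheme: a random per-account salt plus a slow
    PBKDF2-HMAC-SHA256 derivation. Returns (salt, digest)."""
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    _, candidate = store_salted(password, salt)
    return hmac.compare_digest(candidate, digest)


def duplicate_digest_groups(store: dict) -> int:
    """Audit check on a dump of stored digests: how many digest values are
    shared by more than one account? For a properly salted store this is 0."""
    counts = {}
    for digest in store.values():
        counts[digest] = counts.get(digest, 0) + 1
    return sum(1 for n in counts.values() if n > 1)


def build_stores(users: dict) -> tuple:
    """Build both kinds of credential store for the same set of accounts."""
    unsalted = {name: store_unsalted(pw) for name, pw in users.items()}
    salted = {name: store_salted(pw) for name, pw in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores(SAMPLE_USERS)
    print("unsalted digests shared by >1 account:", duplicate_digest_groups(unsalted))
    salted_hex = {name: d.hex() for name, (s, d) in salted.items()}
    print("salted digests shared by >1 account:", duplicate_digest_groups(salted_hex))
```

Running the audit over an unsalted dump reports shared digests, which is exactly the pattern that lets one cracked hash expose many accounts; the salted store reports none.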

LinkedIn did not detect the security breach itself; it was discovered when large numbers of passwords were listed on underground hacking sites. Until it is determined how the breach occurred, it is difficult to point to a specific area in which LinkedIn needs to improve its IT security. In general, based on the article, LinkedIn should seek to improve its encryption software, determine whether it has adequate defense-in-depth access protections, and review its overall IT security policies and procedures.

2nd article: 10/10